Encrypting content can prevent unauthorized access to its plain (e.g., non-encrypted) version. Content that is in plain-version, however, may be accessible by unauthorized parties. In some cases content is left in plain-version in exchange for free service, which leaves that content accessible to third parties, including the service provider itself.
Methods, such as public key infrastructure (PKI) encryption and symmetric key encryption, may provide some measure of confidentiality. There are, however, competing considerations between data privacy and access that may be mandated to third parties, e.g., by the courts or law enforcement. Supporting such legal access may include enabling third party access to information, e.g., in the cloud, when lawfully authorized, even without consent of the content owner. For example, information may need to be accessed if a crime is committed. However, since law enforcement typically has no access to cryptographic keys, access may be difficult, if not impossible, in practice.
In some cases, a “back door” may be provided, which allows authorities to access encrypted content, even though they may not have the necessary access mechanisms. Such back doors, or other similar mechanisms, can create vulnerabilities that may also be exploited by third parties.